Facebook Creates .Onion Site; Now Accessible Via Tor Network

UPDATE – Facebook has entered the hidden services with a new .onion site that will let Tor Network users sign into the world’s (second) most populous social network.

UPDATE – This story has been updated with commentary from the Tor Project.

Facebook announced today that the social network will now be directly available to users as a Tor hidden service.

The Tor Project is an Internet-traffic anonymization service that relays user traffic through a number of proxy servers all around the world in order to cloak true IP addresses and identities. Tor users can connect with similarly anonymized Web servers located in the “.onion” top-level domain. These servers are referred to as Tor Hidden Services.

In the past, Tor users have had issues connecting anonymously to Facebook.

“Using normal Facebook over Tor was often a challenge for many reasons; users would have trouble logging in, be forced to identify friends in photos, be forced to change passwords, and so on,” Runa Sandvik, a Tor advocate and project volunteer credited with assisting and advising Facebook, told Threatpost in an email interview. “Now, you can log on – and also register – to Facebook over Tor by using the .onion site without running into any of these issues. Your connection is also end-to-end encrypted, that is to say there is no exit relay in the picture here that can see that you are browsing Facebook over Tor.”

Many of the problems that Tor users have experienced when attempting to log into Facebook arise from well-intentioned security controls built into the social network’s infrastructure.

“Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” explained Alec Muffett, a Software Engineer for Security Infrastructure at Facebook London. “In other contexts such behaviour might suggest that a hacked account is being accessed through a ‘botnet’, but for Tor this is normal.”
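The location-jump heuristic Muffett describes can be sketched as follows. This is an added illustration, not Facebook's code: the speed ceiling, the `classify` and `review` helpers, and the sample logins (documentation-range IPs standing in for Tor exit relays) are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# Constructed sample data: documentation-range IPs standing in for Tor exit relays.
TOR_EXITS = {"192.0.2.10", "198.51.100.7", "203.0.113.42"}
MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed

@dataclass
class Login:
    user: str
    ts: float   # Unix seconds
    ip: str
    lat: float  # geolocation of the source IP
    lon: float

def km_between(a, b):
    """Great-circle (haversine) distance between two logins, in km."""
    la1, lo1, la2, lo2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def classify(prev, cur, tor_exits=TOR_EXITS):
    """Return 'ok', 'tor' or 'impossible_travel' for two consecutive logins."""
    if prev.ip in tor_exits or cur.ip in tor_exits:
        # The geolocation belongs to the relay, not the user, so the
        # velocity check says nothing; hand off to a separate control.
        return "tor"
    hours = max((cur.ts - prev.ts) / 3600.0, 1e-6)
    return "impossible_travel" if km_between(prev, cur) / hours > MAX_KMH else "ok"

def review(logins, tor_exits=TOR_EXITS):
    """Classify each login against the same user's previous login."""
    last, out = {}, []
    for ev in sorted(logins, key=lambda e: e.ts):
        if ev.user in last:
            out.append((ev.user, ev.ip, classify(last[ev.user], ev, tor_exits)))
        last[ev.user] = ev
    return out

# Constructed logins: alice hops Sydney -> Stockholm -> Toronto in two minutes.
SAMPLE = [
    Login("alice", 0, "192.0.2.10", -33.87, 151.21),
    Login("bob", 10, "192.0.2.200", -33.87, 151.21),
    Login("alice", 60, "198.51.100.7", 59.33, 18.07),
    Login("alice", 120, "203.0.113.42", 43.65, -79.38),
    Login("bob", 3610, "192.0.2.201", -33.80, 151.00),
]

if __name__ == "__main__":
    print(review(SAMPLE))          # Tor-aware: alice's hops are labelled 'tor'
    print(review(SAMPLE, set()))   # Tor-blind: the same hops look like compromise
```
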

This seemingly counter-intuitive marriage of one service that promotes online anonymization and another that profits off the personal information of its user-base abrades logical thinking — at least on the surface. Roger Dingledine of the Tor Project suggests that accessing Facebook through Tor is not a contradiction, though only after “putting aside the (still very important) questions of Facebook’s privacy habits, their harmful real-name policies, and whether you should or shouldn’t tell them anything about you.” The key point, Dingledine writes, is that anonymity isn’t just about hiding from your destination.

“There’s no reason to let your ISP know when or whether you’re visiting Facebook,” Dingledine said. “There’s no reason for Facebook’s upstream ISP, or some agency that surveils the Internet, to learn when and whether you use Facebook. And if you do choose to tell Facebook something about you, there’s still no reason to let them automatically discover what city you’re in today while you do it.”

Also, privacy preferences aside, there are a number of countries, like China and Iran, in which Facebook is inaccessible through the public Web. In such countries, traveling through a proxy service like Tor is often the only way to access a service like Facebook’s.

Dingledine goes on to explain, both in his blog post and in the comments thereafter, that Facebook’s cooperation with Tor carries a broader message about legitimate use of the so-called “Dark Web.” The Dark Web, which Dingledine suggests should be called the “Private Web” (as opposed to the public one that profits off user information), basically refers to Tor’s hidden services but also to other parts of the Web not indexed by search engines.

In its announcement, Facebook makes clear that the service is in an experimental phase at the moment and that there will likely be bugs to work out.

Facebook’s move into the hidden services is not the only novelty at play here. Facebook’s .onion address will connect users to its core infrastructure. This means that users connecting to Facebook’s datacenter via Tor will be doing so directly rather than through an exit relay. Furthermore, Facebook has outfitted its hidden services site with an SSL certificate so that users won’t have to deal with SSL certificate warnings and can therefore be assured they are in fact connecting to the real Facebook.

Come on gang, I know you all think that the right to privacy is Sacrosanct. Tell it to the kids being abused in pornography. That in itself is illegal in the US. I have been at the ROAD site and it had links to murder for hire and child pornography. Ergo, what the FBI did was totally legal with or without a warrant. Murder is also illegal in the US. TOR has no redeeming social value. The links on TOR to child pornography, the sale of weapons illegal in the US and the sale of heroin, also illegal in the US, outweigh any legitimate links by 95%. I have tried to find one legitimate political site and could not. They are childish. There are support groups and forums for pedophiles and rapists of children saying what they like to do to kids.
If TOR had any socially redeeming philosophy they would not let child pornographers link up there on the onion. Let them figure out how to do it on their own. One must take the good with the bad. On TOR the bad outweighs the good 95 to 5 at best.
If you want to "blow the whistle" use hard copy mail. Why did the Unabomber and bin Laden stay free for sooooo long? They eschewed the internet.
GOOD FOR THE FBI.
DO NOT DELUDE YOURSELF THAT PERVS ARE NOT IDENTIFIABLE ON TOR.
TOR has been hacked by the FBI, Anonymous, NSA and law enforcement around the world.
USE Bitcoins at your own Peril!!!
If you really want stuff secure use flash drives, change computers and networks on which you work. Snail mail stuff.
TOR IS NOT SECURE and there are now viruses traveling the TOR network for financial ill gotten gain.
Legitimate data is secure, all you need to do is get encryption on your hard drives, documents, and emails. Meaning encryption keys, public and private. Why would you trust a VPN or TOR? After all they are run by people. People are the weakest link in any security system.
People have the ability to get your MAC addresses on TOR now.
Legitimate people do not need TOR. Pornographers of children and criminals do.

Legitimate people do not need TOR. Pornographers of children and criminals do.
1. The U.S. Navy developed Tor with the intent of protecting intel communications? Likely the FBI uses it themselves, as well as the other intelligence agencies, especially when working abroad. Anonymous conceals themselves with it also, but they aren't a government agency.
2. Tor helped the illegal-surveillance whistleblowers safely communicate?
3. Political dissenters may choose to use hidden sites, as a regular net site can often be dangerous, as opposed to a "dark" site? It's also very useful in countries where the Internet is censored.
Then again, you're probably a strawman.
